Bump the bun-dependencies group with 8 updates

[dependabot]

Bumps the bun-dependencies group with 8 updates:

Package	From	To
vue	3.5.34	3.5.35
vue-router	5.0.7	5.1.0
@biomejs/biome	2.4.15	2.4.16
cypress	15.15.0	15.16.0
start-server-and-test	3.0.5	3.0.6
vite	8.0.14	8.0.16
vitest	4.1.7	4.1.8
vue-tsc	3.3.2	3.3.3

Updates vue from 3.5.34 to 3.5.35

Release notes

Sourced from vue's releases.

v3.5.35

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

Changelog

Sourced from vue's changelog.

3.5.35 (2026-05-27)

Bug Fixes

• compiler-core: avoid double processing v-for keys with v-memo (#14861) (34a0ded), closes #14859
• compiler-sfc: resolve top-level exports from files registered as global types (#14805) (3d077f2), closes nuxt/nuxt#33694
• runtime-core: avoid repeated hydration mismatch checks (#14857) (170fc95), closes #14855
• runtime-core: skip idle persisted transition hooks in keep-alive moves (#14865) (80fc139), closes #14031
• server-renderer: propagate sync errors from ssrRenderSuspense (#14804) (4760997), closes nuxt/nuxt#28162
• teleport: skip child unmount when pending mount discarded (#14876) (#14877) (584beb1)

Performance Improvements

• reactivity: skip type checks for cached proxies (#14860) (5734fe9)
• runtime-dom: optimize array event handler dispatch (#14828) (bb18dc8)
• server-renderer: avoid materializing iterables in ssrRenderList (#14821) (1b7a2cc)

Commits

• 8be32d6 release: v3.5.35
• 80fc139 fix(runtime-core): skip idle persisted transition hooks in keep-alive moves (...
• d6c7371 ci: use backup action for size report comments
• bb18dc8 perf(runtime-dom): optimize array event handler dispatch (#14828)
• 5734fe9 perf(reactivity): skip type checks for cached proxies (#14860)
• 584beb1 fix(teleport): skip child unmount when pending mount discarded (#14876) (#14877)
• 34a0ded fix(compiler-core): avoid double processing v-for keys with v-memo (#14861)
• 170fc95 fix(runtime-core): avoid repeated hydration mismatch checks (#14857)
• 1b7a2cc perf(server-renderer): avoid materializing iterables in ssrRenderList (#14821)
• 3d077f2 fix(compiler-sfc): resolve top-level exports from files registered as global ...
• Additional commits viewable in compare view

Updates vue-router from 5.0.7 to 5.1.0

Release notes

Sourced from vue-router's releases.

v5.1.0

   🚀 Features

• Typed definePage params.path  -  by @​posva in vuejs/router#2716 (d65de)
• Strict type for definePage param default  -  by @​posva (0ae10)
• Support raw param parsers  -  by @​posva (eadec)
• Force array type raw param parsers  -  by @​posva (7a68b)
• Allow overriding the global Router type  -  by @​posva (1cd93)
• Emit runtime warning for invalid format in query params  -  by @​posva (8259a)
• Override useRouter() return with experimental types config  -  by @​posva (39a34)
• Allow string as a param parser for convenience  -  by @​posva (be37b)

   🐞 Bug Fixes

• Fix auto import fixes and make experimental esm only  -  by @​posva (db3a6)
• Deterministic param parser types order  -  by @​posva (bf0fc)
• Avoid importing unused param parsers  -  by @​posva (41c00)
• Filter invalid query params without failing to match  -  by @​posva (db717)
• Detect not set format  -  by @​posva (aa89e)
• Allow undefined values for params in query  -  by @​posva (4726e)
• experimental: Repeatable params in subsegments  -  by @​posva (84664)
• types: Add vite as optional peer dependency  -  by @​ForgottenR, @​posva and shihuijie in vuejs/router#2712 (facbf)

    View changes on GitHub

Commits

• c0e3226 release: vue-router@5.1.0
• 9ca7672 chore: fix playgroundc usage
• 315cc09 refactor(experimental): remove defineQueryParamParser and definePathParamParser
• 7fa42f4 docs: fix gen and dead links
• 1b3a068 refactor: organize imports and exports add back Router
• 665be2d docs: links update
• 5d79bd2 chore: unused param
• 9ccf3d1 docs: experimental
• eee8ac6 chore: playground param parsers testing
• 0194b85 build: build before test:types
• Additional commits viewable in compare view

Updates @biomejs/biome from 2.4.15 to 2.4.16

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.4.16

2.4.16

Patch Changes

• #10329 ef764d5 Thanks @​Conaclos! - Fixed an issue where diagnostics showed an incorrect location in Astro files.

• #10363 50aa415 Thanks @​dyc3! - Fixed HTML formatting for a case where comments could cause the formatter to split up a closing tag, which would cause the resulting HTML to be syntactically invalid.

  Input:

  <span
    ><!-- 1
  --><span>a</span
    ><!-- 2
  --><span>b</span
    ><!-- 3
  --></span>

  Output:

    <span
  	  ><!-- 1
  - --> <span>a</span<!-- 2
  - --> ><span>b</span><!-- 3
  + --><span>a</span><!-- 2
  + --><span>b</span><!-- 3
    --></span
    >

• #10465 0c718da Thanks @​dfedoryshchev! - Fixed diagnostics emitted by the noUntrustedLicenses rule.

• #10358 05c2617 Thanks @​dyc3! - Fixed #10356: biome rage --linter now displays rules enabled through linter domains in the enabled rules list.

• #10300 950247c Thanks @​dyc3! - Fixed #10265: Svelte function bindings such as bind:value={get, set} are now parsed more precisely, so noCommaOperator won't emit false positives for that syntax anymore.

• #9786 e71f584 Thanks @​MeGaNeKoS! - Fixed #8480: useDestructuring now provides variableDeclarator and assignmentExpression options to control which contexts enforce destructuring, matching ESLint's prefer-destructuring configuration. Both default to {array: true, object: true}. The diagnostic for object destructuring in assignment expressions now instructs users to wrap the assignment in parentheses.

• #10425 1948b72 Thanks @​sjh9714! - Fixed #10244: The useOptionalChain rule now detects negated guard inequality chains like !foo || foo.bar !== "x".

• #10442 001f94f Thanks @​ematipico! - Fixed #10411: noMisusedPromises no longer causes a stack overflow when a nested function returns an object with shorthand properties that shadow destructured variables from an outer scope.

• #10318 9b1577f Thanks @​dyc3! - Added support for formatter.trailingCommas in overrides. This option was previously available in the top-level formatter configuration but missing from formatter overrides.

• #10319 2e37709 Thanks @​dyc3! - Fixed Vue and Svelte formatting for standalone interpolations in inline elements. Biome now preserves existing newlines in cases like:

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.4.16

Patch Changes

• #10329 ef764d5 Thanks @​Conaclos! - Fixed an issue where diagnostics showed an incorrect location in Astro files.

• #10363 50aa415 Thanks @​dyc3! - Fixed HTML formatting for a case where comments could cause the formatter to split up a closing tag, which would cause the resulting HTML to be syntactically invalid.

  Input:

  <span
    ><!-- 1
  --><span>a</span
    ><!-- 2
  --><span>b</span
    ><!-- 3
  --></span>

  Output:

    <span
  	  ><!-- 1
  - --> <span>a</span<!-- 2
  - --> ><span>b</span><!-- 3
  + --><span>a</span><!-- 2
  + --><span>b</span><!-- 3
    --></span
    >

• #10465 0c718da Thanks @​dfedoryshchev! - Fixed diagnostics emitted by the noUntrustedLicenses rule.

• #10358 05c2617 Thanks @​dyc3! - Fixed #10356: biome rage --linter now displays rules enabled through linter domains in the enabled rules list.

• #10300 950247c Thanks @​dyc3! - Fixed #10265: Svelte function bindings such as bind:value={get, set} are now parsed more precisely, so noCommaOperator won't emit false positives for that syntax anymore.

• #9786 e71f584 Thanks @​MeGaNeKoS! - Fixed #8480: useDestructuring now provides variableDeclarator and assignmentExpression options to control which contexts enforce destructuring, matching ESLint's prefer-destructuring configuration. Both default to {array: true, object: true}. The diagnostic for object destructuring in assignment expressions now instructs users to wrap the assignment in parentheses.

• #10425 1948b72 Thanks @​sjh9714! - Fixed #10244: The useOptionalChain rule now detects negated guard inequality chains like !foo || foo.bar !== "x".

• #10442 001f94f Thanks @​ematipico! - Fixed #10411: noMisusedPromises no longer causes a stack overflow when a nested function returns an object with shorthand properties that shadow destructured variables from an outer scope.

• #10318 9b1577f Thanks @​dyc3! - Added support for formatter.trailingCommas in overrides. This option was previously available in the top-level formatter configuration but missing from formatter overrides.

• #10319 2e37709 Thanks @​dyc3! - Fixed Vue and Svelte formatting for standalone interpolations in inline elements. Biome now preserves existing newlines in cases like:

... (truncated)

Commits

• 5f4ea56 ci: release (#10326)
• de2a33c fix(core): regression in emitted types (#10478)
• d835303 docs: remove redundant default phrase in useConsistentObjectDefinitions rul...
• 4f1aaf2 fix: incorrect build when using build or test (#10426)
• dc73b6b refactor: make plugins opt-in via feature gate (#10418)
• e71f584 feat(useDestructuring): add options for assignment/declaration and improve di...
• 9b1577f fix(config): support trailingCommas in overrides (#10318)
• See full diff in compare view

Updates cypress from 15.15.0 to 15.16.0

Release notes

Sourced from cypress's releases.

v15.16.0

Changelog: https://docs.cypress.io/app/references/changelog#15-16-0

Commits

• 22aaf23 chore: bump cypress-example-kitchensink to 6.0.2 for release (#33921)
• 448155c fix(cli): use verbose Listr renderer in CI for install + verify output (#33890)
• 01cd887 chore: surface wrong-passphrase client cert PEM errors consistently in OpenSS...
• 4534d04 fix: pin @​sinonjs/fake-timers type resolution in bundled sinon types (#33886)
• d7cd85a refactor(server): convert unit test specs to TypeScript (#33899)
• 2d5366d test: preserve allowCypressEnv in subscription test config rewrites (#33910)
• fcee425 chore: updating v8 snapshot cache (#33909)
• 986c3b2 chore: updating v8 snapshot cache (#33903)
• de76502 chore: Update v8 snapshot cache - linux (#33875)
• 247a033 chore: updating v8 snapshot cache (#33901)
• Additional commits viewable in compare view

Updates start-server-and-test from 3.0.5 to 3.0.6

Release notes

Sourced from start-server-and-test's releases.

v3.0.6

3.0.6 (2026-06-02)

Bug Fixes

• deps: remove bluebird and use native Promise (#467) (c748117)

Commits

• c748117 fix(deps): remove bluebird and use native Promise (#467)
• a5e1cfb chore: add .gitattributes to enforce LF line endings (#468)
• 719581b chore(deps): add minimum release age for installation / updating (#470)
• See full diff in compare view

Updates vite from 8.0.14 to 8.0.16

Release notes

Sourced from vite's releases.

v8.0.16

Please refer to CHANGELOG.md for details.

v8.0.15

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.0.16 (2026-06-01)

Bug Fixes

• deps: reject UNC paths for launch-editor-middleware (#22571) (50b9512)
• reject windows alternate paths (#22572) (dc245c7)

8.0.15 (2026-06-01)

Features

• send 408 on request timeout (#22476) (c85c9ee)
• update rolldown to 1.0.3 (#22538) (646dbed)

Bug Fixes

• capitalize error messages and remove spurious space in parse error (#22488) (85a0eff)
• deps: update all non-major dependencies (#22511) (2686d7d)
• dev: fix html-proxy cache key mismatch for /@fs/ HTML paths (#21762) (47c4213)
• glob: error on relative glob in virtual module when no files match (#22497) (5c8e98f)
• optimizer: close the rolldown bundle when write() rejects (#22528) (e3cfb9d)
• resolve: provide onWarn for viteResolvePlugin in JS plugin containers (#22509) (40985f1)

Miscellaneous Chores

• deps: update rolldown-related dependencies (#22566) (3052a67)

Code Refactoring

• correct logic in collectAllModules function (#22562) (6978a9c)

Commits

• f94df87 release: v8.0.16
• dc245c7 fix: reject windows alternate paths (#22572)
• 50b9512 fix(deps): reject UNC paths for launch-editor-middleware (#22571)
• 8d1b019 release: v8.0.15
• 2686d7d fix(deps): update all non-major dependencies (#22511)
• 3052a67 chore(deps): update rolldown-related dependencies (#22566)
• e3cfb9d fix(optimizer): close the rolldown bundle when write() rejects (#22528)
• 6978a9c refactor: correct logic in collectAllModules function (#22562)
• 646dbed feat: update rolldown to 1.0.3 (#22538)
• 85a0eff fix: capitalize error messages and remove spurious space in parse error (#22488)
• Additional commits viewable in compare view

Updates vitest from 4.1.7 to 4.1.8

Release notes

Sourced from vitest's releases.

v4.1.8

   🐞 Bug Fixes

• browser:
  • Disable client cdp API when allowWrite/allowExec: false [backport to v4]  -  by @​hi-ogawa and Codex in vitest-dev/vitest#10450 (e4067)
  • Remove orphaned Playwright route when same module is mocked via multiple ids [backport to v4]  -  by @​toxik and @​Zelys-DFKH in vitest-dev/vitest#10474 (675b4)

    View changes on GitHub

Commits

• e61f2dd chore: release v4.1.8
• e4067b3 fix(browser): disable client cdp API when allowWrite/allowExec: false [ba...
• See full diff in compare view

Updates vue-tsc from 3.3.2 to 3.3.3

Release notes

Sourced from vue-tsc's releases.

v3.3.3

vscode

• fix: prevent grammar scopes leakage in capitalized tags (#6073) - Thanks to @​KazariEX!
• fix: preserve TS auto imports behavior in Vue files (#6072) - Thanks to @​KazariEX!

workspace

• fix: read PR title from env in auto-version workflow to prevent injection (#6074) - Thanks to @​arpitjain099!

Our Sponsors ❤️

... (truncated)

Changelog

Sourced from vue-tsc's changelog.

3.3.3 (2026-05-30)

vscode

• fix: prevent grammar scopes leakage in capitalized tags (#6073) - Thanks to @​KazariEX!
• fix: preserve TS auto imports behavior in Vue files (#6072) - Thanks to @​KazariEX!

workspace

• fix: read PR title from env in auto-version workflow to prevent injection (#6074) - Thanks to @​arpitjain099!

Commits

• 5c41b5f v3.3.3 (#6079)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[akhuoa]

Good to go.